MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-05-03 16:34:31 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(windows-sandbox): resolve merge conflicts and apply final polish

Browse Source
This commit is contained in:
mkorwel
2026-03-18 13:48:27 -07:00
parent 7268c120b8 fd44718bfe
commit 4dbbb84063
347 changed files with 17279 additions and 5989 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/cli/plan-mode.md
+22 -1
View File
@@ -120,7 +120,8 @@ These are the only allowed tools:
[`list_directory`](../tools/file-system.md#1-list_directory-readfolder),
[`glob`](../tools/file-system.md#4-glob-findfiles)
- **Search:** [`grep_search`](../tools/file-system.md#5-grep_search-searchtext),
[`google_web_search`](../tools/web-search.md)
[`google_web_search`](../tools/web-search.md),
[`get_internal_docs`](../tools/internal-docs.md)
- **Research Subagents:**
[`codebase_investigator`](../core/subagents.md#codebase-investigator),
[`cli_help`](../core/subagents.md#cli-help-agent)
@@ -459,6 +460,26 @@ Manual deletion also removes all associated artifacts:
If you use a [custom plans directory](#custom-plan-directory-and-policies),
those files are not automatically deleted and must be managed manually.
## Non-interactive execution
When running Gemini CLI in non-interactive environments (such as headless
scripts or CI/CD pipelines), Plan Mode optimizes for automated workflows:
- **Automatic transitions:** The policy engine automatically approves the
`enter_plan_mode` and `exit_plan_mode` tools without prompting for user
confirmation.
- **Automated implementation:** When exiting Plan Mode to execute the plan,
Gemini CLI automatically switches to
[YOLO mode](../reference/policy-engine.md#approval-modes) instead of the
standard Default mode. This allows the CLI to execute the implementation steps
automatically without hanging on interactive tool approvals.
**Example:**
```bash
gemini --approval-mode plan -p "Analyze telemetry and suggest improvements"
```
[`plan.toml`]:
https://github.com/google-gemini/gemini-cli/blob/main/packages/core/src/policy/policies/plan.toml
[Conductor]: https://github.com/gemini-cli-extensions/conductor
docs/cli/sandbox.md
+13 -70
View File
@@ -52,78 +52,21 @@ from your organization's registry.
### 3. Windows Native Sandbox (Windows only)
Built-in sandboxing for Windows using Restricted Tokens and Job Objects. This
method provides process isolation without requiring Docker or other container
runtimes.
... **Troubleshooting and Side Effects:**
**Prerequisites:**
The Windows Native sandbox uses the `icacls` command to set a "Low Mandatory
Level" on files and directories it needs to write to.
- Windows 10/11 or Windows Server.
- No additional software required (uses a built-in C# helper).
**How it works:**
The Windows native sandbox leverages:
- **Restricted Tokens**: Strips administrator privileges and high-level SIDs
from the process.
- **Job Objects**: Ensures the entire process tree is terminated when the parent
session ends.
- **Mandatory Integrity Levels (Low)**: Restricts the process to "Low"
integrity, preventing it from writing to most of the system and workspace by
default.
**Enabling Windows Native Sandbox:**
```json
{
"tools": {
"sandbox": {
"enabled": true,
"command": "windows-native"
}
}
}
```
Or via environment variable:
```bash
$env:GEMINI_SANDBOX="windows-native"
```
**Permissions:**
By default, the Windows native sandbox is restricted. If you need it to write to
specific directories, you must add them to `allowedPaths`:
```json
{
"tools": {
"sandbox": {
"enabled": true,
"command": "windows-native",
"allowedPaths": ["C:\\path\\to\\output"]
}
}
}
```
**Network Access:**
Network access is disabled by default in "Strict" mode. To enable it:
```json
{
"tools": {
"sandbox": {
"enabled": true,
"command": "windows-native",
"networkAccess": true
}
}
}
```
- **Persistence**: These integrity level changes are persistent on the
filesystem. Even after the sandbox session ends, files created or modified by
the sandbox will retain their "Low" integrity level.
- **Manual Reset**: If you need to reset the integrity level of a file or
directory, you can use:
```powershell
icacls "C:\path\to\dir" /setintegritylevel Medium
```
- **System Folders**: The sandbox manager automatically skips setting integrity
levels on system folders (like `C:\Windows`) for safety.
### 4. gVisor / runsc (Linux only)
docs/cli/settings.md
+3
View File
@@ -125,7 +125,9 @@ they appear in the UI.
| UI Label | Setting | Description | Default |
| ------------------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
| Tool Sandboxing | `security.toolSandboxing` | Experimental tool-level sandboxing (implementation in progress). | `false` |
| Disable YOLO Mode | `security.disableYoloMode` | Disable YOLO mode, even if enabled by a flag. | `false` |
| Disable Always Allow | `security.disableAlwaysAllow` | Disable "Always allow" options in tool confirmation dialogs. | `false` |
| Allow Permanent Tool Approval | `security.enablePermanentToolApproval` | Enable the "Allow for all future sessions" option in tool confirmation dialogs. | `false` |
| Auto-add to Policy by Default | `security.autoAddToPolicyByDefault` | When enabled, the "Allow for all future sessions" option becomes the default choice for low-risk tools in trusted workspaces. | `false` |
| Blocks extensions from Git | `security.blockGitExtensions` | Blocks installing and loading extensions from Git. | `false` |
@@ -150,6 +152,7 @@ they appear in the UI.
| Plan | `experimental.plan` | Enable Plan Mode. | `true` |
| Model Steering | `experimental.modelSteering` | Enable model steering (user hints) to guide the model during tool execution. | `false` |
| Direct Web Fetch | `experimental.directWebFetch` | Enable web fetch behavior that bypasses LLM summarization. | `false` |
| Topic & Update Narration | `experimental.topicUpdateNarration` | Enable the experimental Topic & Update communication model for reduced chattiness and structured progress reporting. | `false` |
### Skills
docs/cli/tutorials/mcp-setup.md
+1 -1
View File
@@ -52,7 +52,7 @@ You tell Gemini about new servers by editing your `settings.json`.
"--rm",
"-e",
"GITHUB_PERSONAL_ACCESS_TOKEN",
"ghcr.io/modelcontextprotocol/servers/github:latest"
"ghcr.io/github/github-mcp-server:latest"
],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PERSONAL_ACCESS_TOKEN}"